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IN THE UNITED STATES DESIGNATED/ELECTED OFFICE (D.O./E.O./US) 



Applicant: 

International 
Application No.: 

International 
Filing Date: 

U.S. Serial No.: 

U.S. Filing Date: 

For: 



Denis PINKAS 

PCT/FROO/00332 

10 February 2000 
To be Assigned 
October 1 1 , 2000 

METHOD FOR VERIFYING THE USE OF PUBLIC KEYS 
GENERATED BY AN ON-BOARD SYSTEM 



McLean, Virginia 



PROPOSED DRAWING CORRECTIONS 

Hon. Commissioner of Patents and Trademarks 
Washington, D.C. 20231 

Sir: 

Applicant requests approval of the drawing corrections on Figs. 1 - 7 as 
shown in red on the attached six (6) sheets. 
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The proposed corrections only comprise translating the French terms into 
English and removing the headings "1/6" to "6/6" to conform the drawings to U.S. 
practice. 

Respectfully submitted, 



MILES & STOCKBRIDGE P.C. 



Date: October 1 1 . 2000 




Edward J. Kc^dracki 
Registration No. 20,604 



1751 Pinnacle Drive - Suite 500 
McLean, VA 22102-3833 
Tel.: 703/903-9000 
Fax: 703/610-8686 
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IN THE UNITED STATES DESIGNATED/ELE5?ilP8t^?^Iff^9E.^.ljS)^^^^^^ 

Applicant: Denis PINKAS 

International 

Application No.: PCT/FROO/00332 
International 

Filing Date: 10 February 2000 

U.S. Serial No.: To be Assigned 
U.S. Filing Date: October 1 1 , 2000 

For: METHOD FOR VERIFYING THE USE OF PUBLIC KEYS 

GENERATED BY AN ON-BOARD SYSTEM 

McLean, Virginia 

PRELIMINARY AMENDMENT 

Honorable Commissioner of Patents and Trademarks 
Washington, DC 20231 

Sir: 

Please amend the subject application, filed concurrently herewith, as 
indicated below: 

IN THE SPECIFICATION : 

Page 1 , at line 4, and before the first paragraph, insert the following heading 
at the left-hand margin: 
-- FIELD OF THE INVENTION -: 

Page 1 , line 5, after "corresponding", insert -on-board or--; 

Page 1, at line 6, and before the second paragraph, insert the following 
heading at the left-hand margin: 
- DESCRIPTION OF RELATED ART - ; 
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Page 2, at line 1 , and before the first paragraph, insert the following heading 
at the left-hand margin: 
- SUMMARY OF THE INVENTION -: 

Page 2, at line 2, before "on-board", insert -on-board or-; 

Page 4, at line 7, before the paragraph beginning "It will be...", insert the 
following heading at the left hand margin: 
- BRIEF DESCRIPTION OF THE DRAWINGS- : 

Page 5, at line 7, and before the paragraph "A more detailed...", insert the 
following heading at the left hand margin: 
- DESCRIPTION OF THE PREFERRED EMBODIMENT(SV - ; 

Page 5, line 20, delete "The public keys being, as their" and substitute 
-A public key being, as the-; 

Page 5, line 21 , delete "these" and substitute -with-; 

Page 6, line 5, after "request", delete "to"; 

Page 6, line 20, before "microprocessor", delete "the" and substitute -a~; 

Page 18, line 28, before "calculation", insert -portable card 10 having a chip 
on-board therein and comprising a-; 

Page 19, after line 16, insert the following new paragraph: 

-While this invention has been described in conjunction with specific 
embodiments thereof, it is evident that many alternatives, modifications and 
variations will be apparent to those skilled in the art. Accordingly, the preferred 
embodiments of the invention as set forth herein, are intended to be illustrative, not 
limiting. Various changes may be made without departing from the true spirit and full 
scope of the invention as set forth herein and defined in the claims. — 
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IN THE CLAIMS : 

Please cancel claims 1 - 6 in their entirety and without prejudice and 
substitute the following new claims: 

1 --7. A method for verifying the usage of public keys derived from a set of 

2 asymmetric keys, a public key (Kp) and private key (Ks) generated for a given use, 

3 such as encryption/decryption or digital signature verification/generation, by an on- 

4 board system and stored in the storage area of an on-board system (Si) equipped 

5 with cryptographic calculation means and externally accessible read/write-protected 

6 means for storing digital data, said digital data (IDdi) comprising at least a serial 

7 number (SNi) for identifying the on-board system and an identification code (Opj) of 

8 an operator authorized to configure said on-board system, the request being 

9 formulated by said on-board system by transmitting a request message (MRCA) 

10 containing said public key (Kp) to a certification authority (CA), comprising: 

11 PRIOR TO ANY TRANSMISSION OF A CERTIFICATION REQUEST, DURING THE 

12 CONFIGURATION OF A SET (Lk) OF ON-BOARD SYSTEMS (Si) BY THE 

13 AUTHORIZED OPERATOR: 

14 - generating by the authorized operator, for said set of on-board systems, a 

15 mother public key (KpM) and a mother private key (KsM) used in connection with a 

16 process supported by an algorithm (CA1 M); 

17 - publishing said mother private key (KpM) associated with the algorithm 

18 (CA1M), the identification code of said authorized operator (OPj), and defining a 

19 range of on-board system identifiers for the set (Lk) of on-board systems; 

2 0 - calculating, for each on-board system of said set (Lk) of on-board systems, 
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f 

21 from said mother private key (KsM) and from the serial number (SNi) of the on-board 

22 system, a diversified private key (KsMi), and storing said diversified private key 

23 (KsMi) in said externally accessible, read/write-protected storage area, and; 

24 PRIOR TO ANY TRANSMISSION OF A CERTIFICATION REQUEST MESSAGE: 



25 - generating by the on-board system a certification request (RCA) containing, in 

2 6 particular, a field of the public key (CA1 , Kp) and usage indicators (U) of said public 

2 7 key, 

28 - using said calculation means and said diversified key (KsMi) associated with 



^29 this on-board system to calculate a cryptographic control value (Sc,) on the entire 

iff 

SJ3 0 request (RCA), said cryptographic control value being a digital signature calculated 

1 by means of the diversified private key (KsMi); 

^3 2 WHEN A CERTIFICATION REQUEST IS SENT TO THE CERTIFICATION 

IS3 3 AUTHORITY BY THE ON-BOARD SYSTEM: 



1^34 - forming a certification request message (MRCA) containing the request 

035 (RCA), the identifier (IDdi) of the on-board system, the request message being 

3 6 constituted by the identification code (OPj) of this authorized operator and by the 

37 serial number (SNi) of the on-board system, and a cryptographic control value (SCi); 

3 8 - transmitting to the certification authority (CA) said request message (MRCA) 



3 9 formed during the preceding phase and containing the public key (Kp) and the usage 

40 indicators (U) subject to said certification, and said cryptographic control value (Sq); 

41 and 

42 WHEN A CERTIFICATION REQUEST MESSAGE (MRCA) IS RECEIVED BY THE 

43 CERTIFICATION AUTHORITY: 

44 - retrieving the identification code of the authorized operator (OPj) from the 
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45 digital data (IDdi) of the on-board system, 

46 - retrieving, from said identification code (OPj) of said authorized operator, the 

47 value of the mother public key (KpM) as well as the identifier of the algorithm 

48 (CA1 M) associated with the set (Lk) of the on-board system, 

49 - verifying, from said mother public key (KpM), from said serial number (SNi) of 

50 the on-board system, and from said certification request message (MRCA) received, 

51 said cryptographic control value (Sci), and establishing the authenticity of said 

52 cryptographic control value and the source of this certification request. 



1 8. A method according to claim 7, characterized in that when the 

2 certification request (RCA) is generated by the on-board system, the method further 

3 comprises generating, at the on-board system level, a certification request (RCA), 

4 composed of three fields, including a public key algorithm identifier (CA1), a public 

5 key value (Kp), and an indicator of the usages of said key (U). 



1 9. A method according to claim 7, characterized in that when the 

2 certification request is completed by the on-board system, the method further 

3 comprises the step of communicating a certification request template (GRCA) to said 

4 on-board system; 

5 - checking, at the on-board system level, the syntax of the certification request 

6 template (GRCA) to ensure that it is a correctly formed certification request, and 

7 - conditioning a step consisting of having the on-board system fill in missing 

8 fields of the certification request template (GRCA) to a positive verification. 
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1 1 0. A method according to claim 7, characterized in that, for a set of 

2 asymmetric signature keys (Kp), (Ks) generated by said on-board system, allowing 

3 use of the private key (Ks) under control of the cryptographic calculation means only 

4 for signature generation purposes, said private key (Ks) stored in said externally 

5 accessible read/write-protected storage area being unknown to the user and limited 

6 to a utilization exclusively for digital signature purposes, the utilization of said key 

7 being limited to signature purposes and the utilization of the certificate containing the 

8 corresponding public key being limited to signature verification purposes. 

1 11 . A method according to claim 7, characterized in that for a set of 

2 asymmetric keys, a public asymmetric encryption key (Ep) and a private asymmetric 

3 decryption key (Ds) generated by said on-board system, the method consists of 

4 associating, with said encryption and decryption keys (Ep), (Ds) and with the 

5 asymmetric decryption process, a symmetric "weak" decryption process and key, the 

6 symmetric decryption key being encrypted, then decrypted, by means of the private 

7 asymmetric decryption key (Ds), said private key (Ds) stored in said externally 

8 accessible read/write protected storage area being unknown to the user, so as to 

9 authorize the utilization of said key only for weak decryption purposes, the utilization 

10 of the certificate containing the corresponding public key being limited to said weak 

11 encryption purposes. 
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12. An on-board system comprising a card having a microprocessor, a 
RAM, a nonvolatile memory including a programmable memory and an externally 
accessible protected storage area memory, a cryptographic calculation module and 
an input/output system connected by a link of the BUS type, 

- a diversified private key KsMi stored in said externally accessible protected 
memory, said diversified private key, being unique and distinct for said on-board 
system and calculated from a mother private key KsM and an identification number 
of said on-board system, and being further associated with a mother public key KpM; 

- said cryptographic calculation module comprising: 

- means for calculating a signature from said diversified private key KsMi , 
making it possible to calculate the signature of a certification request to certify a 
public key Kp associated with a private encryption key Ks or signature key, 
respectively, said private key Ks generated by said signature calculation means 
being stored in said externally accessible protected memory, said signature of a 
certification request being a function of the identification number of said on-board 
system, said signature calculation means making it possible to transmit to a 
certification authority a certification request message containing said certification 
request and said signature, which allows said certification authority to verify the 
source of the certification request from said on-board system and the protection of 
said diversified private key and private signature key in said externally accessible 
protected memory using only public elements, such as said mother public key 
KpM.~ 



TYSO01:91l3883v0IT2147-906522l08\21\00 
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IN THE ABSTRACT : 

Please amend the Abstract at page 24 by deleting the last line " Fig. 2a" . 



REMARKS 



This Supplemental Preliminary Amendment is filed to insert headings to 
conform the application to U.S. practice and to correct informalities in the 
specification, claims and abstract resulting from a literal translation of the French 
text. 

Early action on the merits is earnestly solicited. 



Respectfully submitted. 



MILES & STOCKBRIDGE P.C. 



Date: October 1 1 . 2000 




1751 Pinnacle Drive - Suite 500 
McLean, VA 22102-3833 
Tel.: 703/903-9000 
Fax: 703/610-8686 
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JffiTHODFmVERIFYING TlIE U^^ 

ON-BOARD SYSTEM 

The invention relates to a method for verifying, in particular, the usage of public keys 
5 generated by an embedded system, and the corresponding embedded system. 

To guarantee the transmission security of the data transmitted though computer 
networks, the users of these networks have expressed a strong demand for provisions for the 
encryption/decryption or the digital signature generation/verification of this transmitted data. 
The purpose of encryption/decryption operations is to encode, then decode, 
10 transmitted messages using a secret convention temporarily shared between a sender and a 
receiver, in order to make them unintelligible to outsiders to this convention. 

The purpose of signature operations is to transmit specific messages that make it 
possible to guarantee the integrity and the source of the transmitted data. 

For reasons of public safety, government authorities in certain countries have 
15 established restrictive legislative provisions in order to impose strict regulations on 
encryption/decryption operations using so-called "strong" algorithms. However, other 
operations such as encryption/decryption using so-called "weak" algorithms, authentication, 
integrity and non-repudiation using a digital signature calculation are not subject to such 
restrictive measures. In particular, the information message accompanying a digital 
20 signature, being transmitted in unencrypted form, may be subject to any usable police 
examination. 

Various systems of digital signature calculation have been proposed to date. 

Among these, the cryptographic systems that use asymmetric keys have been more 
widely used because of the flexibility of their utilization, or at least the relative flexibility of 
25 their management of the aforementioned keys. In essence, these systems use a private, 

unpublished key and a public key. Knowledge of the pubUc key does not make it possible to 
calculate the private key. 

Certain digital signature algorithms cannot be used for any usage other than digital 
signature. This is the case with the system known as DSA (Digital Signature Algorithm). 
30 However, there is another widely used algorithm known as RS A, named for its inventors 
Rivest, Shamir and Adleman, which allows the use of both digital signature calculation and 
so-called "strong" encryption/decryption operations. 
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One of the objects of the present invention, in connection with the use of an 
asymmetric key cryptographic system, is to make sure that an embedded system using the 
RSA algorithm and RSA keys to be used only for digital signature is capable of supporting 
signature operations from said keys only and not decryption operations. 
5 Another object of the present invention is to implement a public key infrastructure 

usable exclusively for digital signature purposes. In essence, if a user tried to use for 
encryption purposes one of the RSA public keys certified for signature purposes, the entity in 
possession of the corresponding RSA private key would be completely incapable of 
decrypting it using said private key. 

10 Another object of the present invention is a to provide method for verifying a request 

to certify a public key generated by an embedded system that allows a certification authority 
to control the use of this key for purposes of limited decryption operations. 

Finally, another object of the present invention, in connection with the 
aforementioned control of the use of this key, is to Umit this use to encryption/decryption 

15 operations by means of "weak" symmetric algorithms authorized by certain government 
authorities. 

It will be recalled that of embedded systems are generally constituted by a 
microprocessor card and made available to an entity. 

The aforementioned notion of an entity covers either the physical person in possession 

20 of an embedded system such as a microprocessor card, or any computer system equipped 
with a comparable embedded system or microprocessor card. 

The method for verifying the source of the request to certify a public key derived 
from a pair of asymmetric keys, a public key Kp and a private key Ks, generated for a given 
algorithm CAl and a given usage, such as encryption/decryption or digital signature 

25 verification/generation, by an embedded system and stored in the storage area of an 
embedded system Si equipped with cryptographic calculation means and externally 
accessible read/write-protected means for storing digital data, this digital data IDdi 
comprising at least a serial number SNi for identifying the embedded system and an 
identification code OPj of an operator authorized to configure said embedded system, this 

30 request being formulated by said embedded system by transmitting a request message MRCA 
containing said public key Kp to a certification authority CA, is remarkable in that it consists, 
prior to any transmission of a certification request, during the configuration of these 
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embedded systems by this authorized operator, for all the embedded systems Si of a set Lk of 
embedded systems: 

- of having this authorized operator generate, for this given set of embedded systems, 
a mother public key KpM and a mother private key KsM; 

5 - of publishing said mother pubhc key KpM associated with the identity of this 

authorized operator OPj and with this set Lk of embedded systems; and for each embedded 
system belonging to the range of identifiers defined by this set Lk of embedded systems: 

- of having this authorized operator generate, from said mother private key KsM and 
from the serial number SNi of the embedded system, a diversified private key KsMj and of 

10 storing said diversified private key KsMi, in said externally accessible read/write-protected 
storage area, and prior to any transmission of a certification request, 

- of having the embedded system generate a certification request RCA containing, in 
particular, a public key field CAl,Kp and the usage indicators U of this pubUc key; 

- of having the embedded system generate, using said calculation means and said 

15 diversified key KsMj associated with this embedded system, a cryptographic control value Sci 
on the entire request RCA, this cryptographic control value being a digital signature 
calculated by means of the diversified private key KsMi; and when a certification request is 
sent to the certification authority by the embedded system: 

- of forming a certification request message MRCA containing the request RCA, the 
20 identifier IDdi of the embedded system, the latter being constituted by the identifier OPj of 

this authorized operator and by the serial number SNj of the embedded system, and the 
cryptographic control value SCi; 

- of transmitting to the certification authority CA said request message MRCA formed 
during the preceding step and containing the public key fields CAl, Kp and the usage 

25 indicators U subject to said certification, and said cryptographic control value Sci; 

- when a certification request message MCRA is received by the certification 
authority, of retrieving the identity of the authorized operator OPj from the identifier IDdi of 
the embedded system, 

- of retrieving, from the identifier OPj of the authorized operator, the value of the 
30 mother public key KpM associated with the set Lk to which the embedded system belongs; 

- of verifying, from said mother public key KpM, from said serial number SNi of the 
embedded system, and from said certification request message MRCA received, said 
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cryptographic control value SCi, which makes it possible to establish the authenticity of this 
cryptographic control value and the source of this certification request. 

The method for verifying a key certification request generated by an embedded 
system, which is the subject of the invention, applies to any type of embedded system, but 
particularly to large numbers of embedded systems, each constituted by a microprocessor 
card or the like. 

It will be more clearly understood through the reading of the description and the 
examination of the drawings below in which, in addition to Fig. 1 related to an embedded 
system constituted by a standard microprocessor card, 

- Fig. 2a represents, by way of a non-limiting example, a flow chart of all the 
operations or steps that make it possible to implement the method that is the subject of the 
present invention, i.e. the verification of the certification request generated by the embedded 
system; 

-Fig. 2b represents, by way of a non-limiting example, a flow chart of a variant of 
implementation of the method that is the subject of the present invention, as represented in 
Fig. 2a, in which a check of the syntax of a certification request template supplied to the 
embedded system is performed by the embedded system, prior to the generation of said 
certification request; 

- Fig. 3 represents, in the form of a functional diagram, a detail of the step of the 
method implemented as illustrated in Fig. 2a or 2b, in which a diversified private key is 
calculated for each embedded system; 

- Fig. 4a represents, by way of a non-limiting example, the structure of a certification 
request message in a simplified version, which makes it possible to implement the method 
that is the subject of the invention as represented in Fig. 2a; 

- Fig. 4b represents, by way of a non-limiting example, the structure of a certification 
request message in an improved version, coded in the ASNl format in a TLV structure, more 
specifically adapted to the implementation of the method is the subject of the invention as 
represented in Fig. 2b; 

- Fig. 5 represents, in the form of a functional diagram, a detail of the step of the 
method implemented as illustrated in Fig. 2a or 2b, in which a verification of the request 
message is performed by the certification authority; 

- Fig. 6 represents a particularly advantageous variant of implementation of the 

method that is the subject of the present invention, in which a symmetric key for weak 
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encryption/decryption is associated with the private key associated with a public key subject 
to a certification request, the corresponding embedded system thus being provided with a 
weak encryption/decryption function that meets all the legal requirements in force in certain 
countries so that these systems can be marketed without prior authorization; 

5 - Fig. 7 represents an embedded system that makes it possible to implement the 

method that is the subject of the invention. 

A more detailed description of the method for verifying the public key certification 
request according to the subject of the present invention will now be given in connection with 
Figs. 2a, 2b and the subsequent figures. 

10 Prior to the detailed description of the steps required to implement the method in 

connection with the aforementioned figures, general considerations for illustrating the context 
for the use of the method that is the subject of the present invention will be given below. 

Generally, the method that is the subject of the present invention makes it possible to 
perform a verification of a public key certification request generated by an embedded system, 

15 this verification specifically including a verification of the source of this request, but also 

makes it possible, as a result of the verification thus performed and the certainty of the source 
of this request thus obtained, to be certain that the private key corresponding to the public key 
generated that is the subject of the present certification request can only be used for clearly 
specified uses such as digital signature generation or the decryption of weak symmetric keys. 

20 The public keys being, as their name indicates, public, it is not possible to limit the 

use of these keys for encryption. However, these private keys being necessarily protected, 
the protection method used may be able to prevent RSA private keys from being used for 
decryption purposes. Therefore, while the encryption operation cannot be prevented, the 
decryption operation can be, and thus the encryption/decryption process is impossible. The 

25 method used is based on the fact it is possible to guarantee that the private key corresponding 
to a given public key cannot be used for decryption purposes and on the fact that it is possible 
to be sure that it is effectively contained in a protected embedded system that prevents it from 
being used for decryption purposes. 

To make sure that a given key is attached to a given entity, a key certification 

30 technique is currently widely used. This technique consists of having a Certification 

Authority CA generate a public key certificate that associates with a given entity name a 
public key algorithm identifier CAl and a public key value Kp for given usages U, for a 
given validity period. One example of such a certificate is known as an X.509 certificate. 



named for the corresponding standard of the ITU (International Telecommunications Union), 
which standardized it. 

In order to be able to participate in an architecture that supports public keys, it is 
necessary to be able to obtain a public key certificate. To do this, it is necessary to formulate 
5 a request to that includes the information the requester wishes to have appear in his 

certificate. This request specifically includes the identifier of the algorithm used CAl, the 
value of the public key Kp for this algorithm and the usages of this key U. If the request 
emanates directly from the entity, it is impossible to know the protections implemented for 
the corresponding private key. However, if the request emanates directly from a protected 
10 embedded system that prevents the private key from being used for decryption purposes, then 
it is possible to be sure that the private key corresponding to the public key that is the subject 
of a certification request can only be usable for the usages indicated, for example for 
signature generation or weak decryption purposes. This is one of the objects of the method 
that is the subject of the present invention, which will be described in detail below in 
15 connection with Figs. 2a and 2b. 

The method that is the subject of the present invention will be described in the non- 
limiting case in which the embedded system is constituted by a microprocessor card such as a 
bankcard, a PCMCIA card or the like. 

Conventionally, as represented in Fig. 1, a microprocessor card 10 comprises an 
20 input/output system 12 connected to the microprocessor 14, a RAM 16, a nonvolatile 
memory 18 constituted by a ROM 18b and a programmable memory 18a. All of these 
elements are connected to the microprocessor 14 by a link through BUS. A module 20 for the 
cryptographic calculation of data is also added. The nonvolatile memory 18 normally 
includes a read/write-protected storage area, marked MAP, access to this area being reserved 
25 for the microprocessor 14 only, for purely internal utilization purposes. 

Referring to Fig. 1, it is noted that in a microprocessor card of this type , the 
cryptographic calculation module can contain programs for signature generation or 
verification, or for encryption/decryption implemented by means of so-called "strong" 
processes supported by the RSA algorithm for example, as well as so-called "weak" 
30 processes supported by algorithms such as DES hmited to 40-bit key sizes, for example. 

According to Fig. 2a, an authorized operator identified by an identifier OPj is capable, 
in step 1000, of performing a configuration of a set of embedded systems, this set being 
marked Lk. In a practical way, it is noted that this set corresponds to a batch of embedded 



systems, such as microprocessor cards for example, that this operator wishes to distribute on 
the market. This authorized operator can of course be either the chip card manufacturer or 
any subcontractor authorized by the latter or by an accepted private or public authority. Each 
embedded system is also given an identification number, marked SNj, and within the 

5 framework of the implementation of the method that is the subject of the present invention, 
each embedded system Si belonging to the given set Lk is therefore equipped with an 
identification number marked IDdi, constituted by the identifier of the authorized operator 
OPj and by the serial number SNi of this embedded system. 

In order to specifically verify the source of the request to certify a public key derived 

10 from a set of asymmetric keys, a public key Kp and a private key Ks, generated by an 

embedded system belonging to the aforementioned set of embedded systems, these public 
keys Kp and private keys Ks being generated for a given use such as encryption/decryption or 
digital signature verification/generation for example, the method that is the subject of the 
present invention consists, prior to any transmission of a certification request, during a step 

15 for the configuration of the embedded systems by the operator authorized to perform this 
configuration, of having this authorized operator generate for the set of embedded systems, 
in a step 1001, a mother public key KpM and a mother private key KsM designed to be used 
in connection with a process supported by the algorithm CalM relative to the keys KpM and 
KsM. 

20 The aforementioned step 1001 is followed by a step 1002 that consists of publishing 

the mother public key KpM associated with the identity of the authorized operator OPj and 
with the set Lk of embedded systems. As represented in step 1002 in Fig. 2a, this publication 
can consist in a publication of four linked values, for example in the form of a list, i.e. of the 
identifier of the authorized operator OPj, of a range of identifiers defined by the set Lk and of 

25 course the value of the mother public key KpM associated with the code indicating the 
algorithm to be used CalM. The range of identifiers can be constituted by a start-of-range 
identifier and an end-of -range identifier. 

During this configuration step performed by the authorized operator, it is indicated 
that the creation of the keys, the mother public key KpM and the mother private key KsM, is 

30 directly dependent on the algorithm used and therefore cannot be described independent of 
the process supported by the algorithm used. However, the type of algorithm to be used is 
indicated below. 
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After the aforementioned step 1002, the method that is the subject of the present 
invention consists, for each embedded system Si belonging to the set Lk of embedded 
systems, of calculating, in a step 1003, from the mother private key KsM and the serial 
number SNi of each embedded system in question Si, a diversified private key, marked KsMi. 
5 According to a particularly advantageous aspect of the method that is the subject of 

the present invention, the diversified private key KsMi is then stored in the externally 
accessible read/write-protected storage area MAP of the microprocessor card constituting the 
embedded system. 

Generally, it is noted that the diversified private key KsMi is unique and distinct for 

10 each embedded system whose identifier SNi is different in the set Lk. 

After step 1003 mentioned above, an advantageous version of the method that is the 
subject of present invention consists, prior to any transmission of a certification request for 
any public key Kp to be certified at the request of each embedded system Si in question, this 
request of course being formulated by a user Uti, i.e. by an entity, of having the embedded 

15 system generate, in a step 1004-5, a certification request RCA specifically containing a public 
key field CAl,Kp and the usage indicators U of this public key. When the certification 
request RCA is generated directly by the embedded system, the process can consist of 
generating the certification request RCA at the embedded system level. The request is then 
composed of three fields, i.e. a public key algorithm identifier CAl, a public key value Kp 

20 and an indicator of the uses of this key U. 

In one specific non-limiting embodiment, step 1004-5 can for example consist of 
communicating, in a step 1004, to the embedded system in question having the identifier SNi, 
a certification request template marked GRCA, this template containing all of the required 
fields except the public key fields for decryption or digital signature verification as well as 

25 the usage indicators U of the public key Kp that are the subjects of the requested certification. 
The verification of the certification request template GRCA will be described in 
greater detail later in the description. 

The certification request template GRCA, in a step 1005, then allows the embedded 
system in question to perform an operation that consists of filling in the missing fields of the 

30 certification request template GRCA. Thus, the public key field, a field that includes the 

identifier of an encryption/decryption or signature calculation algorithm CAl, for example 
the aforementioned RSA algorithm, and a public key value Kp that is the subject of the 
requested certification, as well as the field related to the usage indicators U of this public key, 



is filled in order to reconstitute a complete certification request, marked RCA, in the next step 
1005. 

In Fig. 2a, step 1005 is shown to consist of having the embedded system perform the 

complement of the aforementioned missing fields, the + symbol representing this 

5 complementary operation. Generally, it is noted that the aforementioned complementary 

operation can consist either of assigning appropriate values to dummy values already present 

in the certification request template GRCA in given fields, or if necessary, of completing this 

request template by means of concatenation operations using these appropriate values, as will 

be described later in the description. 

10 The aforementioned step 1004-5 or step 1005 is then followed by a step 1006, which 

consists of calculating, using the calculation module of the embedded system in question and 

the diversified key KsMi associated with this embedded system in step 1003, a cryptographic 

control value, marked Sci. 

Generally, it is noted that the aforementioned cryptographic control value is 

15 calculated on the entire completed request RCA and on the identifier IDdi of the embedded 

system in question. It will be recalled that the identifier IDdi of the embedded system Si is 

constituted by the identifier Opj of the authorized operator and by the serial number SNi of 

the embedded system. 

Preferably, the cryptographic control value Sci is a digital signature calculated by 

20 means of the diversified private key KsMj. 

For this reason, the cryptographic control value verifies the relation: 

Sci = SKsMi (RCA, IDdi) 

In this relation, it is noted that the subscript KsMi assigned to the signature operation S 

indicates the calculation of this signature using the diversified private key KsM, on the 

25 arguments RCA and IDdi. 

The method that is the subject of the present invention, when a certification request is 

sent by the embedded system in question to the certification authority, this operation being 

called "Request by Uti" in Fig. 2a, then consists of forming, outside the embedded system, in 

a step 1007, a certification request message, marked MRCA, composed of the request RCA 

30 completed by the embedded system in question, the identifier of the embedded system, and 

the cryptographic control value Sci in question. 

After the aforementioned step 1007, a step 1008 is provided, which consists of 

transmitting to the certification authority CA the request message MRCA formed during the 

9 



preceding step 1007. The message MRCA specifically contains the completed request to 
certify the public key Kp whose certification is being requested as well as its usage indicators 
U, this public key Kp and these usage indicators thus being subject to the aforementioned 
certification request. 

5 The method that is the subject of the present invention then consists, upon reception 

of the aforementioned certification message MRCA, of having the certification authority 
perform the operations in step 1009 in order to retrieve the identity of the authorized operator 
OPj and the identifier SNj of the embedded system from the identifier IDdi of the embedded 
system, then in step 1010, of retrieving the range of identifiers Lk to which the identifier SNj 

10 belongs from the data published by the operator OPj, then in step 101 1, of retrieving from the 
data of the set Lk the identifier of the process supported by the algorithm to be used CAIM 
and the value of the mother public key KpM associated with the set Lk. 

It is understood, in particular, that in steps 1009, 1010 and 1011, the publication in 
step 1002 of the linked variables OPj identifying the authorized operator, Lk identifying the 

15 set in question, CAIM identifying the algorithm to be used, and KpM identifying the value of 
the mother public key associated with this set of embedded systems makes it possible to 
successively retrieve the identifier of this authorized operator, followed by the value of the 
public key KpM and the identifier of the algorithm to be used CAIM, for example from the 
four published linked variables. 

20 After the obtainment by the certification authority of the value of the aforementioned 

mother public key KpM, a step 1012 is then performed, which consists of verifying, from the 
value of the mother public key KpM, from the serial number SNi of the embedded system and 
from the complete certification request RCA received, the cryptographic control value Sci. 
The operation for verifying the cryptographic control value Sc, verifies the relation: 

25 "^KPMCSKsMil 

It is noted that this verification operation consists in a signature verification operation, a dual 
operation of the signature operation performed in step 1006 for obtaining the cryptographic 
control value Sci. Thus, in step 1012, the signature verification operation is performed using 
the mother public key KpM. 
30 The implementation of the method that is the subject the present invention as 

described in connection with Fig. 2a thus makes it possible to establish the authenticity of the 
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aforementioned cryptographic control value and the source of the certification request 
presented to the certification authority. 

Under conditions that will be explained later in the description, the verification of this 
request, the source being established, makes it possible to know for sure, from the 
5 aforementioned usage value U, the dedicated usage or usages that can be implemented with 
the public key Kp, given the usage restrictions on the operations that can be performed using 
the private key Ks contained in the embedded system. It is then possible to issue a certificate 
in order to guarantee the use that can be made of this public key given the restrictions on the 
operations that can be performed using the corresponding private key. This usage guarantee 

10 can result from the combined use of two pieces of information that will then be presented in 
the certificate generated: the usage indicator of the public key and the security policy 
identifier. The security policy could indicate that the key generation was performed in an 
embedded system that has all of the required capabilities for limiting the use of the private 
keys generated in this embedded system. It could also use any other field for the extension of 

15 the certificate as explicitly provided by the X.509 v3 standard. 

A variant of implementation of the method that is the subject of the present invention, 
which makes it possible to verify a certification request template GRCA as described in Fig. 
2a, will now be described in connection with Fig. 2b. In Figs. 2a and 2b, the same steps have 
the same references. 

20 As may be seen in Fig. 2b, after step 1004, which consists of communicating a 

certification request template GRCA to the embedded system Si, but prior to step 1005, 
which consists of having the embedded system Si fill in the missing fields of the certification 
request template GRCA, the method that is the subject of the present invention can also 
consist of checking, in a step 1004a, the syntax of the aforementioned certification request 

25 template at the level of the embedded system Si in question, in order to make sure that this is 
actually a certification request. Step 1004a can then be followed by a step 1004b, for 
example consisting in a step for testing for the true value of the syntax check. In step 1004a, 
the syntax check is marked V(GRCA) and the testing step 1004b is marked V (GRCA) = 
true. 

30 Step 1005, which consists of having the embedded system Si fill in the missing fields 

of the certification request template GRCA, can then be conditioned to a positive verification, 
i.e. to a positive response to the testing step 1004b mentioned above. 
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On the other hand, if there is a negative response to the aforementioned step 1004b, a 
return 1004c to the step for loading the certification request template RCA in step 1004 can 
then be provided. 

The syntax checking step can be performed by checking the syntax of the certification 
5 request template GRCA, the aforementioned checking process possibly depending on the 

structure of the certification request template used. An example of a syntax checking process 
will be given later in the description. 

Thus, the method that is the subject of the present invention, according to a first 
aspect, makes it possible to give the usage of the private key Ks to the entity but not to give 
10 this entity any knowledge of the value of the private key Ks. In order to prevent any 

knowledge of the value of the private key, the private key/public key pair is generated by the 
protected embedded system and the private key is implemented by an algorithm contained 
directly in the embedded system. It cannot in any case be known outside the embedded 
system. 

15 According to a second remarkable aspect of the method that is the subject of the 

invention, in order to verify that the request to certify a public key is actually emanating from 
the embedded system, the method uses several techniques. In particular, it uses the 
calculation of a cryptographic control sum, which makes it possible to be sure that the request 
is in fact emanating from an embedded system customized by the operator Opj. The prior art 

20 already uses some of these techniques, which have proven somewhat inflexible, as will be 
explained below. A first technique consists of placing in each embedded system a secret key 
from which the cryptographic control sum will be calculated. The major drawback of this 
known technique is that the secret value of each embedded system must be confidentially 
conomunicated to each potential certification authority in advance. A first improvement of 

25 this feature consists of using a mother secret and of calculating the secret each embedded 
system from the serial number of the embedded system and the mother secret. The major 
drawback in the latter case is that the secret value of each mother secret corresponding to a 
given set of embedded systems must be confidentially communicated to each potential 
certification authority in advance. 

30 An original characteristic of the invention, on the other hand, is not to communicate 

any confidential information in advance, but to make only public information accessible to 
each potential certification authority, i.e. an identifier of unauthorized operator OPj, a 
reference of the set Lk, and of course the value of the mother public key KpM associated with 



an indicator of the algorithm to be used CAIM. This information allows any certification 
authority to verify the source of the request from any embedded system that belongs to a set 
of embedded systems. 

A more detailed description of the implementation of step 1003 for calculating each 
5 diversified private key KsMi will now be given in connection with Fig. 3, the operating mode 
of the aforementioned calculation being able to be implemented no matter what the 
embodiment of the method that is the subject of the invention, as described above in 
connection with Fig. 2a or Fig. 2b. 

The key diversification process implemented in step 1003, as represented in Fig. 3, 
10 can thus consist in a process supported by an algorithm known as a Zero Knowledge 

Signature Mechanism and the algorithms known by the names FIAT-SHAMIR or GUILLOU 
QUISQUATER that are usable for this purpose. For this reason, as indicated in Fig. 3, each 
diversified private key KsMi is considered to have been obtained by implementing processes 
supported by the FIAT-SHAMIR algorithm F-S or the GUILLOU-QUISQUATER algorithm 
15 G-Q and thus verifies the relation: 

KsMi = D-F-S (KsM, SNi) 
KsMi = D-G-Q (KsM, SN;) 
a relation in which D-F-S and D-G-Q designate the implementation of the key diversification 
processes supported by the FIAT-SHAMIR and GUILLOU-QUISQUATER algorithms, 
20 respectively. 

The technique used consists of placing in each embedded system a diversified private 
key calculated from the serial number of the embedded system and from a mother private 
key, which diversified key will be used to calculate the cryptographic control sum. The 
Certification Authority CA will then be able to verify the exactitude of the cryptographic 

25 control sum thus calculated by implementing the algorithm CAIM corresponding to the type 
of algorithm used using only the serial number of the embedded system and the mother 
public key corresponding to the set Lk to which the embedded system belongs. 

Because of thus, it is not necessary to know in advance which Certification Authority 
will be chosen by the entity, since each Certification Authority will be capable, particularly 

30 after the reception of the certificate request, of obtaining the mother public key corresponding 
to the set to which the embedded system belongs. The management of a large number of 
embedded systems, for example several million, is therefore greatly simplified, thus allowing 
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a wide dissemination of such cryptographic systems, in strict conformity with the national 
legislative provisions authorizing their use. 

Various elements describing the structure of the messages or data used to implement 
the method that is the subject of the present invention will now be given in connection with 
5 Figs. 4a through 4c. 

Fig. 4a represents a simplified version of the structure of a certification request 
message. In this simplified embodiment, the embedded system generates all of the fields of 
the request RCA by concatenating the following information: the public key field that 
comprises the identifier of the algorithm used CAl, the value of the public key Kp, and a key 

10 usage field U, which are the subjects of the requested certification. These fields can, for 

example, be subjected to a coding in accordance with the standard ASNl, for Abstract Syntax 
Notation 1, in order to l^e able to delimit the size of each field and to be sure of the nature of 
each field. Finally, the cryptographic control value Scj is calculated on the preceding 
information, then added to the preceding information. 

15 In this simplified embodiment, all of the aforementioned fields allow the 

implementation of the method that is the subject of the present invention, for example as 
represented in Fig. 2. 

Fig. 4b represents a structure of a completed request message, for example in a format 
in accordance with the aforementioned ANS 1 coding. In this case, the coding of these 

20 messages is performed in accordance with the so-called TLV mode, in which T designates 
the type of the field, L ithe length of the latter and V the value of the field. 

Fig. 4b, at point 1), represents the structure of a certification request template GRCA 
in such a case, which is; considered to be formed by a set of fields TLV that are sequential or 
interleaved in accordance with the ASNl standard. This request template is formed outside 

25 the embedded system. It must include, and this is verified by the embedded system, three 

fields and three fields only, which correspond to: 1) a type of algorithm identifying field, 2) a 
type of public key value field, 3) a type of public key usage indicator field. The position of 
each of these fields among the other fields of the request template must also correspond to a 
precise position, i.e. it inust be preceded and followed by predetermined different types of 

30 fields. 

Under these conditions, beginning with the aforementioned certification request 

template to GRCA, the syntax check represented in step 1004b of Fig. 2b can consist of 

verifying the value of the type of the first field, then based on this type or on the length of this 
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field, moving with on to the next type. When moving on, it is appropriate to store all of the 
various types found, thc;n verify that the three types of fields required are located in the 
positions where they should be placed. For each of the three fields, it is then appropriate to 
verify their length, as well as the value of the field CAl. In essence, this means verifying that 
5 the required algorithm type actually corresponds to the type of key generated corresponding 
to this algorithm. For tine fields formed outside the embedded system, which must definitely 
contain the value of the public key Kp and the value of the usage indicator U of the key, these 
two values can contain any value, the values 0 or 1 as represented in Fig. 4b, since the 
embedded system will replace them with the appropriate internally generated values. 

10 After the recognition of the true value of the verification thus performed, a 

verification marked V(<jrRCA) in step 1004a of Fig. 2b, the values of the two fields can be 
replaced by the values generated by the embedded system. The usage field U substituted can 
consist of a bit string, the first bit representing for example an encryption/decryption usage 
C/D, the value 1 indicating encryption and the value 0 a lack of encryption, the second bit 

15 corresponding for exanriple to a digital signature or authentication usage A, the third bit 

corresponding for example to a non-repudiation operation NR using a digital signature, for 
example. 

The value of the; public key Kp can be replaced by bit values of this corresponding 

key. 

20 Finally, in refenjnce to Fig. 4c, the structure of the certification request template 

GRCA, loaded on the initiative of the user Uti, can include a field related to an identifier of 
this user Uti, a field related to the value of the key Kp, a public key whose certification is 
requested by the user, a field related to the usage or usages of this key U and a field Plu 
related to the ranges of the validity or utilization of the aforementioned key Kp. 

25 More specifically, it is noted that the field related to the identifier of the user Uti is 

filled in by the user at tide time of his certification request, while the fields related to the value 
of the key Kp and the field related to the uses of this key are filled in by the embedded system 
itself. 

The field related to the identifier of the user Uti can correspond to the serial number 

30 SNi of the embedded sy stem itself. 

A more detailed description of the implementation of step 1012, which consists of 

having the certification authority verify the certification request message MRCA and in 

particular the cryptographic control value Scj, will be described in connection with Fig. 5. 
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Generally, it is noted that each verification step is performed using a signature 
verification process, particularly for verifying the cryptographic control value Sci, which is 
none other than a signature obtained from the diversified private key KsMj in step 1006, 
described previously in the description. Under these conditions, the verification operation i& 
KpM consists in the dual operation of the one performed in the aforementioned step 1006. 

As shown in Fig. 5, the input variables are, in addition to the mother public key KpM 
that was retrieved following the execution of steps 1009, 1010 and 1011 of Fig. 2a or 2b, the 
cryptographic control value Sci and the certification request message MRCA as well as the 
identifier IDdi of the embedded system, i.e. the identifier of the operator OPj and the serial 
number SNi of the embedded system in question. The aforementioned dual verification 
operation of the signature operation with the aforementioned input variables as parameters 
then allows, a yes or nci response, i.e. the establishment of the true value or of the value 
complemented by this true value, considered to be false value, of the verification operation. 

While the source of the certification request is thus able to be verified in accordance 
with the implementation of the method that is the subject of the present invention, as 
represented in Fig. 2a and/or 2b, the aforementioned method also makes it possible to 
modulate the strength of the cryptographic operations, i.e. the encryption/decryption and 
signature calculation/v«;rification operations assigned to each embedded system Si in 
question. 

Thus, according, to a particularly remarkable aspect of the method that is the subject 
of the present invention, it makes it possible, as a result of the requested certification of a 
given public key and the uses of this public key, either to accredit the embedded system Si 
requesting this certification for performing decryption operations in accordance with a 
process supported by a weak algorithm, or to accredit this embedded system or the entity in 
possession of this embedded system only for operations supported by an algorithm limited to 
just signature calculation operations. 

It is understood, in particular, that as a function of the value of the bits of the usage 
field of the key in question, a usage value coded for example in 2 bits, the value IX of which 
2 bits could correspond to a decryption usage in accordance with a process supported by a 
weak algorithm and the value XI could correspond to an operation in accordance with a 
process supported by a signature generation algorithm only, the accredited embedded system 
could perform either of these operations or even both operations, but not any other operations 
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such as strong decryption. It is also noted that the same embedded system could comprise 
several keys, some of tliese comprising for example the usage bits with the value 10, thus 
limiting their usage to ^veak decryption purposes, and others with the value 01, thus limiting 
their usage to signature generation purposes. 
5 A decryption process supported by a weak algorithm according to the subject of the 

present invention will now be described in connection with Fig. 6. 

Generally, it is noted that an encryption or decryption key used by the RS A algorithm, 
an asymmetric key, generally comprises 512 or more bits, while a symmetric key generally 
includes from 40 to 192 bits. It is therefore necessary to fill in the remaining bits, for example 

10 with a header. It is possible, for example, in the string of 512 bits thus created, to provide a 
header constituted by s]3ecific arbitrary dummy values, the values 02, 00 and in hexadecimal 
code FFF followed by two bytes with the value 00 on the entire value of the header with 
which a symmetric secret key, right-aligned, is concatenated, all of which constitutes a bit 
string of 512 bits. In the case where the symmetric secret key KSF comprises 64 or more bits, 

15 the symmetric secret key decryption process is considered to be strong, and does not 
correspond to the subject of the present invention in this embodiment. 

On the other hand, when the symmetric secret key field KSf is less than or equal to 40 
bits, the header field accordingly being completed, for example, by hexadecimal values FFF 
followed by a predetermined number of 00s, the secret key field is a field of a symmetric 

20 weak decryption key and thus corresponds to a weak decryption function capable of being 
implemented according to the method that is the subject of the present invention. 

In such a case, according to a particularly remarkable aspect of the method that is the 
subject of the invention, for a set of asymmetric keys, a public encryption key marked Ep and 
a private decryption key marked Ds generated by the embedded system Si, the encryption key 

25 Ep corresponding to the public key Kp whose certification has been requested as mentioned 
previously in the description, and the private decryption key Ds corresponding to the private 
key Ks mentioned previously in the description, the method that is the subject of the 
invention consists of associating with the decryption key Ds and with the corresponding 
asymmetric decryption process supported for example by the RS A algorithm, a weak 

30 decryption process and key supported for example by the DES algorithm and whose 

symmetric key has a length less than or equal to 40 bits. Thus, referring to Fig. 6, it is noted 
that the weak symmetric secret key, marked KSf, completed by its header of arbitrary value 
as mentioned previously in the description, is subjected to an encryption process in order to 



obtain an encrypted key from the public asymmetric encryption key Ep. The encrypted key 
thus obtained is then subjected to a decryption process by means of the private asymmetric 
decryption key Ds while, according to the method that is the subject of the present invention, 
this private decryption key Ds is stored in the externally accessible read/write-protected 
5 storage area of the embedded system and is therefore unknown to the user. The 

aforementioned decryption process therefore makes it possible to obtain a decrypted key 
whose structure is none other than the header mentioned previously in the description and the 
weak symmetric key KSf whose length is determinant. 

If the length of the weak symmetric key KSf is less than or equal to 40 bits, the header 

10 being distinguished simply by referring to the corresponding header values, and the 
synometric key and in particular the weak symmetric key KSf consequently also being 
distinguished, this wealc symmetric key KSf can then be made available to the entity 
possessing the embedd(5d system for decryption operations in accordance with a process 
supported by a weak aljgorithm. Under these conditions, the symmetric weak decryption key 

15 KSf only allows the latter to decrypt cryptograms C into messages M using a weak 
decryption algorithm as represented in Fig. 6. 

If, on the other hand, the length of the bit string representing the symmetric key 
except for the aforementioned header is greater than 40 bits, the symmetric key, whose length 
is greater than 40 bits, is not made available to the entity possessing the embedded system, 

20 which is therefore incapable of performing decryption operations in accordance with a 
process supported by a strong algorithm. 

An embedded system that makes it possible, in particular, to implement the method 
that is the subject of the; present invention will now be described in connection with Fig. 7. In 
a non-limiting way, this embedded system is represented and described in the form of a 

25 microprocessor card. 

Referring to the aforementioned Fig. 7, the embedded system comprises, in a 
conventional way, the same elements as those described in connection with Fig. 1, i.e. a 
calculation unit 14, a RAM 16, a nonvolatile memory 18 comprising a programmable 
memory 18a comprisin]g an externally accessible protected storage area MAP, a 

30 cryptographic calculation module 20 and an input/output system 12 connected by a link of the 
BUS type. In order to unplement the method that is the subject of the present invention, this 
embedded system comprises at least a diversified key KsMi stored in the externally accessible 
protected memory MAP. This diversified private key is unique and distinct for this embedded 



system. It is calculated from a mother private key KsM and an identification number of this 
embedded system and is associated with a mother public key KpM. 

The cryptographic module 20 comprises a module MCS for calculating a signature 
from the diversified private key KsMi, making it possible to calculate the signature of a 
5 request to certify a public key Kp associated with a private encryption key Ks, or signature 
key, respectively. The private key Ks is generated by the signature calculation module MCS 
and stored in the protected memory MAP. The signature of a certification request is a 
function of the identific ation number of this embedded system. The signature calculation 
module MCS makes it ]possible to transmit to a certification authority a certification request 

10 message comprising this certification request and the aforementioned signature. This allows 
the certification authority to verify the source of the certification request from this embedded 
system 10 and the protesction of the diversified private key KsMi and private signature key Ks 
in the externally accessible protected memory MAP using only public elements, such as the 
mother public key KpM. The signature calculation module MCS, can be installed in a ROM 

15 part 18b of the nonvolatile memory 18 and called upon request by the cryptographic 
calculation module 20. 
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CLAIMS 



1 1 . Method for verifying the usage of public keys derived from a set of 

2 asymmetric keys, a public key (Kp) and private key (Ks) generated for a given use, such as 

3 encryption/decryption or digital signature verification/generation, by an embedded system 

4 and stored in the storage area of an embedded system (Si) equipped with cryptographic 

5 calculation means and (jxtemally accessible read/write-protected means for storing digital 



6 data, this digital data (IDdi) comprising at least a serial number (SNi) for identifying the 

7 embedded system and an identification code (Opj) of an operator authorized to configure said 

8 embedded system, this request being formulated by said embedded system by transmitting a 

9 request message (MRCA) containing said public key (Kp) to a certification authority (CA), 
10 characterized in that this process consists: 



1 1 • prior to any transmission of a certification request, during the configuration of these 

1 2 embedded systems by this authorized operator for all the embedded systems (Si) of a set (Lk) 

13 of embedded systems: 

■ 14 - of having this authorized operator generate, for this set of embedded systems, a 

15 mother public key (KpM) and a mother private key (KsM) used in connection with a process 

1 6 supported by an algorithm (CAIM); 

" 17 - of publishing said mother private key (KpM) associated with the algorithm (CAIM), 

18 the identity of this authorized operator (OPj), and with a set (Lk) defining a range of 

19 embedded system identifiers; 

20 - of calculating, for each embedded system belonging to this set (Lk) of embedded 

21 systems, from said mother private key (KsM) and from the serial number (SNj) of the 

22 embedded system, a diversified private key (KsMi), and of storing said diversified private key 

23 (KsMi) in said externally accessible, read/write-protected storage area, and; 

24 • prior to any transmission of a certification request message: 

25 - of having the embedded system generate a certification request (RCA) containing, in 

26 particular, a field of the; public key (CAl , Kp) and the usage indicators (U) of this public key, 

27 - of calculating, using said calculation means and said diversified key (KsMi) 

28 associated with this embedded system, a cryptographic control value (Sci) on the entire 

29 request (RCA), said cryptographic control value being a digital signature calculated by means 

30 of the diversified private key (KsMi); 
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3 1 • when a certification request is sent to the certification authority by the embedded 

32 system: 

33 - of forming a certification request message (MRCA) containing the request (RCA), the 

34 identifier (IDdi) of the embedded system, the latter being constituted by the identifier (OPj) of 

35 this authorized operator and by the serial number (SNi) of the embedded system, and the 

36 cryptographic control value (Sci); 

37 - of transmitting to the certification authority (CA) said request message (MRCA) 

38 formed during the preceding phase and containing the public key (Kp) and the usage 

39 indicators (U) subject to said certification, and said cryptographic control value (Sci); 

40 • when a certification request message (MRCA) is received by the certification 

41 authority: 

42 - of retrieving the identity of the authorized operator (OPj) from the identifier (IDdi) of 

43 the embedded system, 

44 - of retrieving, from said identifier (OPj) of this authorized operator, the value of the 

45 mother public key (Kplvl) as well as the identifier of the algorithm (CAIM) associated with 

46 the set to which the embedded system belongs, 

47 - of verifying, from said mother public key (KpM), from said serial number (SNi) of the 

48 embedded system, and from said certification request message (MRCA) received, said 

49 cryptographic control value (Sci), which makes it possible to establish the authenticity of this 

50 cryptographic control value and the source of this certification request. 



1 2. Method according to claim 1, characterized in that when the certification 

2 request is generated by the embedded system, the method also consists of generating, at the 

3 embedded system level, the certification request (RCA), which is composed of three fields, 

4 i.e.: a public key algorithm identifier (CAl), a public key value (Kp), and an indicator of the 

5 usages of this key (U). 

1 3. Method according to claim 1, characterized in that when the certification 

2 request is completed by the embedded system during the step consisting of communicating a 

3 certification request template (GRCA) to said embedded system, the method also consists: 

4 - of checking, at the embedded system level, the syntax of the certification request 

5 template (GRCA) in order to make sure that it is a correctly formed certification request, and 
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6 - of conditioning the step consisting of having the embedded system fill in the missing 

7 fields of the certification request template (GRCA) to a positive verification. 

1 4. Method according to claim 1, characterized in that, for a set of asymmetric 

2 signature keys (Kp), (Ks) generated by said embedded system, the cryptographic calculation 

3 means of this embedded system allowing the use of the private key (Ks) only for signature 

4 generation purposes, said private key (Ks) stored in said externally accessible read/write- 

5 protected storage area bteing unknov^n to the user and limited to a utilization exclusively for 

6 digital signature purposes, the utilization of said key is limited to signature purposes and the 

7 utilization of the certificate containing the corresponding public key is limited, in practice, to 

8 signature verification purposes. 

1 5. Method according to claim 1, characterized in that for a set of asymmetric 

2 keys, a public encryption key (Ep) and a private decryption key (Ds) generated by said 

3 embedded system, the method consists of associating, with said keys (Ep), (Ds) and with the 

4 asymmetric decryption process, a symmetric "weak" decryption process and key, the 

5 symmetric decryption key being encrypted, then decrypted, by means of the private 

6 asymmetric decryption key (Ds), said private key (Ds) stored in said externally accessible 

7 read/write protected storage area being unknown to the user, which makes it possible to 



8 authorize the utilization of said key only for weak decryption purposes, the utilization of the 

9 certificate containing the corresponding public key being limited, in practice, to weak 
10 encryption purposes. 

1 6. Embedded system comprising a calculation unit, a RAM, a nonvolatile 

2 memory comprising a programmable memory comprising an externally accessible protected 

3 storage area, a cryptographic calculation module and an input/output system connected by a 

4 link of the BUS type, characterized in that said embedded system comprises at least: 

5 - a diversified key KsMi stored in said externally accessible protected memory, said 

6 diversified private key, unique and distinct for this embedded system and calculated from a 

7 mother private key KsM and an identification number of this embedded system, being 

8 associated with a moth(2r public key KpM; said cryptographic calculation module comprising: 

9 - means for calc:ulating a signature from said diversified private key KsMj , making it 

10 possible to calculate the signature of a request to certify a public key Kp associated with a 

22 



1 1 private encryption key Ks or signature key, respectively, said private key Ks generated by 

12 said signature calculation means being stored in said protected memory, this signature of a 

13 certification request being a function of the identification number of this embedded system, 

14 said signature calculation means making it possible to transmit to a certification authority a 

15 certification request message containing said certification request and said signature, which 

16 allows said certification authority to verify the source of the certification request from this 

17 embedded system and the protection of said diversified private key and private signature key 

18 in said externally accessible protected memory using only public elements, such as said 

19 mother public key KplVI. 
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ABSTRACT 



A method and an embedded system for verifying a request to certify a public key (Kp) 
generated by an embed(Jed system with the identifier (SNi). 
5 For a set (Lk) of embedded systems, an authorized operator with the identifier (OPj) 

configures the embedde;d systems and creates (1001) a mother public key (KpM) and a 
mother private key (KsM). The identifier (OPj), the range of identifiers referenced (Lk) and 
the mother public key (KpM) are published (1002). For each embedded system (SNi), a 
diversified key (KsMi) is created from the identifier (SNi) and stored (1003) in read- and 

10 write-protected storage, For every public key (Kp) generated by an embedded system, a 
cryptographic control value (Sci) is calculated (1006) on the public key (Kp), an algorithm 
identifier (CAl) and th(2 utilization parameters (U) of this key, using a zero knowledge 
signature algorithm, and a certification request message (MRCA) that includes the control 
value (Sci), the identifi(jr of the operator (Opj), and the identifier (SNi) is transmitted to a 

15 certification authority, which retrieves the identifier (Opj) (1009) and the value of the mother 
public key (KpM) (101 1). A verification (1012) of the message (MRCA) from the mother 
public key (KpM) and From the identifier of the embedded system (Sni) makes it possible to 
be sure that the request to certify a public key (Kp) and the utilization of the latter actually 
originates from an embedded component capable of limiting the use of this key. 

20 Fig. 2a . 
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Declaration and Power of Attorney For Patent Application 
Declaration Pour Demandes de Brevets Avec Pouvoirs 


French Language Declaration 


En tant qu' inventeur nomme ci-apres, Je declare par le pre- 
sent acte que; 


As a below named inventor, 1 hereby declare that: 


Mon nom, mon domicile, mon adresse postale, ma nationaiite 
sont ceux qui figurent ci-apres. 


My residence, post office address and citizenship are as stated 
below next to my name. 


Je declare que je crois etre I'inventeur original, premier et 
'I unique (si un seul nom figure sur le present acte) ou un des 

co-inventeurs, originaux et premiers (si plusieurs noms fi- 
^ gurent sur le present acte) du sujet revendique et pour liquel 
4 un brevet est demande sur la base de Tinvention intitulee: 

Precede de verification de I'usage de cles 
publiques eiiyeiidiees pai uii t>ysl6into 


1 believe 1 am the onginal, first and sole inventor (if only one 
name is listed below) or an onginal, first and joint inventor (if 
plural names are listed below) of the subject matter which is 
claimed and forwhichapatentissought on the invention entitled 


I [ dont la description 

(cocher la case correspondante) 


the specification of which 
(check one) 


:i est annex ee au present acte. 

= . □ a ete deposee — 


□ is attached hereto. 

□ was filed on _ as 


Numero de serie de la demande 


Application Serial No — 


et modifiee le 

(si approprie) 


and was amended on _ 

(if applicable) 


Je declare par le present acte avoir examine et compris le 
contenu de la description identifiee ci-dessus, revendications 
y compris, et le cas echeant teiie que modifiee par I'amend- 
ment cite plus haut. 


1 hereby state that 1 have reviewed and understand the con- 
tents of the above identified specification, including the claims, 
as amended by any amendment referred to above. 


Je reconnais le devoir de divulguer I'lnformation qui est en 
rapport avec I'examen de cette demande selon Titre 37 du 
Code des Reglements Federaux §1. 56(a). 

Page 


1 acknowledge the duty to disclose information which is ma- 
tenal to the examination of this application in accordance with 
Title 37, Code of Federal Regulations, §1. 56(a). 
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French Language Declaration 



Je revendique par le present acte le benefice de priorite 
etrangere selon Titre 35, du Code des Etats-Unis, §119 de 
toute demande de brevet ou d'attestation d'inventeur enu- 
meree ci-apres, et j'ai identifie egalement ci-apres toute de- 
mande etrangere de brevet ou d'attestation d'inventeur ayant 
une date de depot anterieure a celle de la demande pour 
laquelle la pnorite est revendiquee. 



I hereby claim foreign priority benefits under Title 35, United 
States Code, §1 19 of any foreign application(s) for patent or 
inventor's certificate listed below and have also identified 
below any foreign application for patent or inventor's certifi- 
cate having a filing date before that of the application on 
which priority is claimed: 



Pnor foreign applications 
Demande(s) de brevet anterif 



■e(s) dans un autre pays: 



Droit de priorite 
revendique 



(Pays) 



(3ay'yBorit1i^f?r 



Je revendique par le present acte, le benefice selon Titre 35 
du Code des Etats-Unis, §120 de toute(s) demande(s) ame- 
ricaines enumeree{s) ci-apres et, dans la mesure ou le sujet 
de chacune des revendications de cette demande n'est pas 
divulgue dans la demande americaine anterieure, de ia fa^on 
definie par le premier paragraphe de Titre 35 du Code des 
Etats-Unis, §112, je reconnais le devoir de divulguer I'infor- 
mation pertinente selon Titre 37 du Code des Reglements 
Federaux, §1. 56(a), toute information qui se presente entre 
la date de depot de la demande anterieure et ia date de depot 
de la demande, soit nationale, soil Internationale PCT. 

(Application' Sena) No.) (Filing Date) 

(No. de Demande) (Date de Depot) 



I hereby claim the benefit under Title 35, United States Code, 
§120 of any United States application(s) listed below and, 
insofar as the subject matter of each of the claims of this 
application is not disclosed in the prior United States appli- 
cation in the manner provided by the first paragraph of Title 
35, United States Code, §112, I acknowledge the duty to 
disclose material information as defined in Title 37, Code of 
Federal Regulations, §1. 56(a) which occurred between the 
filing date of the prior application and the national or PCT 
international filing date of this application: 



(Etat) (Status) 
(brevetee, pendante. (patented, pending, 

abandonne) abandoned) 



(Application Senal No.) 
(No. de Demande) 



(Filing Date) 
(Date de Depot) 



(Etat) 
(brevetee, pendante, 
abandonnee) 



(Status) 
(patented, pending, 
abandoned) 



Je declare par le present acte que toutes mes declarations, 
a ma connaissance, sont vraies et que toutes les declarations 
faites a partir de renseignements ou de suppositions, sont 
tenues pour etre vraies; de plus, toutes ces declarations ont 
ete faites en sachant que de fausses declarations volontaires 
u autres actes de meme nature sont sanctionees par une 
amende ou un emprisonnement, ou les deux, selon la Section 
1001, du Titre 18 de Code des Etats-Unis et que de selles 
declarations deliberement fausses peuvent compromettre la 
validite de la demande ou du brevet delivre. 



I hereby declare that all statements made herein of my own 
knowledge are true and that all statements made on infor- 
mation and belief are believed to be true; and further that 
these statements were made with the knowledge that willful 
false statements and the like so made are punishable by fine 
or imprisonment, or both, under Section 1001 of Title 18 of 
the United Slates Code and that such willful false statements 
may jeopardize the validity of the application or any patent 
issued thereon. 
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POUVOIR: En tant qu'inventeur, j« designe l'(les) avocat(s) 
et/ou l'(les) agent(s3 suivant(s) pour poursuivre la procedure 
de cette demande et traiter toute aftaire la concernant supris 
du Bureau des Brevets et de Marques: 

Harold L. Stowell, Reg. 17,233 
Edward J. Kondracki., Reg. 20,604 
Dennis P. Clarke, Reg. 22,549 
William L. Feeney, Reg. 29,918 
John C. Kerins, Reg. 32,421 



POWER OF ATTORNEY: As a named inventor, I hereby 
appoint the following attorney{s) and/or agent(s) to prosecute 
this application and transact all business in the Patent and 
Trademark Office connected therewith, {list name and reg- 
istration number) 

Harold L. Stowell, Reg 
Edward J. Kondracki, Reg. 20,604 
Dennis P. Clarke, Reg. 22'SS?''^ 
William L. Feeney, Reg. . 29,2X 3 
John C. Kerins, Reg. 32,421 



Adresser toure correspondance a: 

Edward J. Kondracki, Esq. 
KERKAM, STOWELL, KONDRACKI 

& CLARKE, P.C. 
5203 Leesburg Pike, Suite 600 
Falls Church, VA 22041 



Send Correspondence to: 
Edward J_^ KoBil^^ki, Esq. 
KERK^^ S^WELU- KO^AGKL 
ic^CLARKE, P^.C. 

_520£Teesb^rOlB;, Suite_600, 

'Falls''°Church , VA 



Adresser toute communication telephonique a: 
(Nom) {Numero de teleptione) 

Edward J. Kondracki, Esq. 

(703) 998-3302 



" Direct telephone CaKslartnWve~and telephone number) 



Edward J. Kondracki, 
(703) 998-3302 



Esq. 



Nom complet du seul ou premier inventeur 


Full name of sole or first inventor 


■^Sig nature i3§T!b^*ntet3r^-^^ Date 


Inventor's signature Date 


3?>°ave''les Gardes 92370 CHAVILLEj- ¥RmC^^^j/ 


Residence 




Citizenship 


Adresse Postale 
3 Pave des Gardes 92370 CHAVILLE- FRANCE 


Post Office Address 






Nom compiet du second co-inventeur, le cas echeant 


Full name of second joint inventor, if any 


Signature de I'lnventeur Date 


Second Inventor's signature Date 


Domicile 


Residence 


Nationalite 


Citizenship 


Adresse Postale 


Post Office Address 







(Fournir les memes renseignements et la signature de tout (Supply similar information and signature for third and sub- 
co-inventeur supplementaire.) sequent joint inventors.) 
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